Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200408-11 ] Nessus: "adduser" race condition vulnerability
View unanswered posts
View posts from last 24 hours

Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message

Joined: 13 Jun 2003
Posts: 4087
Location: Dresden, Germany

PostPosted: Thu Aug 12, 2004 2:53 pm    Post subject: [ GLSA 200408-11 ] Nessus: "adduser" race conditio Reply with quote

Gentoo Linux Security Advisory

Title: Nessus: "adduser" race condition vulnerability (GLSA 200408-11)
Severity: normal
Exploitable: local
Date: August 12, 2004
Updated: May 22, 2006
Bug(s): #58014
ID: 200408-11


Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.


Nessus is a free and powerful network security scanner.

Affected Packages

Package: net-analyzer/nessus
Vulnerable: <= 2.0.11
Unaffected: >= 2.0.12
Architectures: All supported architectures


A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable.


A malicious user could exploit this bug to escalate privileges to the rights of the user running "nessus-adduser".


There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.


All Nessus users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=net-analyzer/nessus-2.0.12"
# emerge ">=net-analyzer/nessus-2.0.12"


Secunia Advisory

Last edited by GLSA on Mon Oct 30, 2006 4:16 am; edited 4 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum